SSH authentication fails with error "sss_ssh_knownhostsproxy: connect to host localhost port 22: Connection refused"
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
Issue
- Unable to log in to the server through SSH. The connection fails with the following error:
sss_ssh_knownhostsproxy: connect to host xxxxxx port 22: Connection refused
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
Resolution
- Edit the /etc/ssh/sshd_config file as shown below:
# vi /etc/ssh/sshd_config
ListenAddress 10.x.x.x
# Add the following line:
ListenAddress 0.0.0.0
- Restart the sshd service after making the changes.
# systemctl restart sshd
- The ListenAddress directive tells the SSH server which system interface to listen on. Requests on any other interface will be denied.
- Configure sshd to listen on multiple interfaces.
Root Cause
- By default, the sshd service listens for requests on all interfaces.
# cat /etc/ssh/sshd_config | grep -i ListenAddress
#ListenAddress 0.0.0.0
#ListenAddress ::
- Verified that sshd was configured to listen only on a particular interface:
# cat /etc/ssh/sshd_config | grep -i ListenAddress
ListenAddress 10.x.x.x
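An added example, not part of the original article or of Red Hat's tooling: a shell check that parses the active ListenAddress lines of an sshd_config and reports whether sshd would still accept the localhost connection shown in the error. The function names and the 10.0.0.5 sample address are constructed; Include files are not followed, and localhost is assumed to resolve to 127.0.0.1 or ::1.

```shell
#!/bin/sh
# Added example, not from the original article. Include files are not followed.

# Print the address of every active ListenAddress directive in file $1.
listen_addresses() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        tolower(line) !~ /^listenaddress[ \t=]/ { next }   # also skips "#ListenAddress"
        {
            sub(/^[A-Za-z]+[ \t]*=?[ \t]*/, "", line)      # drop keyword and optional "="
            split(line, f, /[ \t]+/); addr = f[1]          # ignore a trailing "rdomain ..."
            if (addr ~ /^\[/) {                            # [address]:port
                sub(/^\[/, "", addr); sub(/\](:[0-9]+)?$/, "", addr)
            } else if (addr ~ /^[^:]+:[0-9]+$/) {          # host:port or IPv4:port
                sub(/:[0-9]+$/, "", addr)
            }
            print tolower(addr)
        }' "$1"
}

# Return 0 if sshd would accept a connection addressed to localhost, else 1.
# Assumption: localhost resolves to 127.0.0.1 or ::1; other hostnames are not resolved.
listens_on_loopback() {
    addrs=$(listen_addresses "$1")
    if [ -z "$addrs" ]; then
        return 0    # no active ListenAddress: sshd listens on all addresses
    fi
    if printf '%s\n' "$addrs" | grep -Eq '^(0\.0\.0\.0|::|::1|localhost|127\..*)$'; then
        return 0
    fi
    return 1
}

# Constructed sample configs: the failing state from the article and the fixed one.
tmp=$(mktemp -d)
printf '%s\n' 'ListenAddress 10.0.0.5' > "$tmp/before"
printf '%s\n' 'ListenAddress 10.0.0.5' 'ListenAddress 0.0.0.0' > "$tmp/after"
for f in before after; do
    if listens_on_loopback "$tmp/$f"; then
        echo "$f: loopback reachable"
    else
        echo "$f: loopback NOT reachable, connections to localhost port 22 are refused"
    fi
done
rm -rf "$tmp"
```

On a live system, point `listens_on_loopback` at /etc/ssh/sshd_config before restarting sshd.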
Diagnostic Steps
- Authentication succeeds in the PAM stack but the connection fails at the SSH level:
Jan 5 03:18:14 dc-ins-db2 sshd[1935664]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=abc
Jan 5 03:18:14 dc-ins-db2 sshd[1935664]: Accepted password for abc from x.x.x.x port 54891 ssh2
Jan 5 03:18:14 dc-ins-db2 systemd[1935672]: pam_unix(systemd-user:session): session opened for user abc(uid=13635) by (uid=0)
Jan 5 03:18:14 dc-ins-db2 sshd[1935664]: pam_unix(sshd:session): session opened for user abc(uid=13635) by (uid=0)
sss_ssh_knownhostsproxy: connect to host localhost port 22: Connection refused
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.